For those of you who need to allow identd (auth) queries from IRC and/or SMTP servers, this should do it for you. These are meant to be used on either a standalone box directly connected to the internet or a workstation behind a firewall. These will be useless on a gateway/firewall box. Well, actually, with midentd running on the gateway/firewall and some modification of this to --set the IDENT table in the outgoing FORWARD chain instead of the OUTPUT chain would probably work just fine, but I've not tested it... If you do, and you can enlighten me one way or the other, please mail rlw AT rlworkman.net

--robw810

# Put an entry in /proc/net/ipt_recent/IDENT with the destination address of
# outgoing SYN packets to SMTP (25 & 587) and IRC (6660:6670 & 7000)
# Adjust port numbers as needed
iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 25,587,6660:6670,7000 \
  --syn -m state --state NEW -m recent --set --rdest --name IDENT -j ACCEPT

# Check incoming traffic on port 113 to see if the source address matches the
# one recorded on outgoing requests, and that it arrives within ten seconds
# If so, accept it; otherwise, hit next rule and progress toward chain POLICY
iptables -A INPUT -i eth0 -p tcp --dport 113 -m state --state NEW --syn -m recent \
  --rcheck --rsource --seconds 10 --name IDENT -j ACCEPT
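To make the behaviour of the two rules concrete, here is an added Python model of what the recent match does with the IDENT list (this is illustrative code written for this page, not the author's rules and not the kernel module). It assumes the default list size of 100 entries and that --rcheck never refreshes a timestamp (only --update would); the traffic sample is constructed.

```python
# Illustrative model (added here, not the author's rules or the kernel module) of ipt_recent.
IDENT_PORTS = {25, 587, 7000} | set(range(6660, 6671))  # --dports 25,587,6660:6670,7000
WINDOW = 10                                             # --seconds 10
LIST_SIZE = 100                                         # ip_list_tot default (assumed)

class RecentList:
    """One ipt_recent list, e.g. /proc/net/ipt_recent/IDENT: address -> last-seen time."""

    def __init__(self, name):
        self.name = name
        self.seen = {}

    def set(self, addr, now):
        """--set: record addr (refreshing its timestamp); evict the oldest entry when full."""
        if addr not in self.seen and len(self.seen) >= LIST_SIZE:
            del self.seen[min(self.seen, key=self.seen.get)]
        self.seen[addr] = now

    def rcheck(self, addr, seconds, now):
        """--rcheck --seconds N: match only if addr is listed and was set within N seconds.
        Unlike --update, a plain check does not refresh the timestamp."""
        last = self.seen.get(addr)
        return last is not None and now - last <= seconds

def outgoing_syn(ident, dst_ip, dport, now):
    """OUTPUT rule: a NEW SYN to an SMTP/IRC port records its *destination* (--rdest)."""
    if dport not in IDENT_PORTS:
        return False                # rule does not match; packet falls through untouched
    ident.set(dst_ip, now)
    return True

def incoming_ident_syn(ident, src_ip, now):
    """INPUT rule for dport 113: ACCEPT only if the *source* (--rsource) was recorded
    by a recent outgoing SYN; anything else continues toward the chain policy."""
    return "ACCEPT" if ident.rcheck(src_ip, WINDOW, now) else "POLICY"

def scenario():
    """Constructed traffic sample: returns the verdict for each incoming ident probe."""
    ident = RecentList("IDENT")
    t = 1000.0
    outgoing_syn(ident, "198.51.100.5", 6667, t)   # we connect to an IRC server
    outgoing_syn(ident, "198.51.100.7", 443, t)    # HTTPS: not an ident-triggering port
    return {
        "irc_server_in_window": incoming_ident_syn(ident, "198.51.100.5", t + 3),
        "https_server": incoming_ident_syn(ident, "198.51.100.7", t + 3),
        "unrelated_host": incoming_ident_syn(ident, "203.0.113.9", t + 3),
        "irc_server_late": incoming_ident_syn(ident, "198.51.100.5", t + WINDOW + 1),
    }
```

The model shows why the pair of rules is safe to leave in place: port 113 is only reachable from a host you just connected to on one of the listed ports, and only for ten seconds.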